GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
9 advisories
DOS and excessive memory usage when passing untrusted user input to to dag import
Moderate
GHSA-f2gr-7299-487h
was published
for
github.com/ipfs/go-ipfs
(Go)
Jul 6, 2022
Signature forgery in Biscuit
Critical
CVE-2022-31053
was published
for
biscuit-auth
(Go)
Jun 17, 2022
Arbitrary File Write via Archive Extraction in mholt/archiver
Moderate
CVE-2018-1002207
was published
for
github.com/mholt/archiver
(Go)
Feb 15, 2022
Path Traversal in HashiCorp Nomad
Moderate
CVE-2020-28348
was published
for
github.com/hashicorp/nomad
(Go)
Feb 15, 2022
GitHub CLI can execute a git binary from the current directory
Moderate
GHSA-fqfh-778m-2v32
was published
for
github.com/cli/cli
(Go)
Feb 11, 2022
Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header
Moderate
CVE-2020-15129
was published
for
github.com/containous/traefik
(Go)
Feb 11, 2022
Improper Certificate Handling
Moderate
CVE-2020-9321
was published
for
github.com/traefik/traefik
(Go)
Sep 2, 2021
HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0
Critical
CVE-2021-38553
was published
for
github.com/hashicorp/vault
(Go)
Aug 30, 2021
Authorization Policy Bypass Due to Case Insensitive Host Comparison
High
CVE-2021-39155
was published
for
istio.io/istio
(Go)
Aug 30, 2021
ProTip!
Advisories are also available from the
GraphQL API